Merge pull request moby#48209 from thaJeztah/remove_deprecated_cors_h…

…eaders remove support for setting CORS headers (deprecated)
thaJeztah · Jul 26, 2024 · 08d7b56 · 08d7b56
2 parents 951a04c + ae96ce8
commit 08d7b56
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 51 deletions.
diff --git a/api/server/middleware/cors.go b/api/server/middleware/cors.go
diff --git a/cmd/dockerd/config.go b/cmd/dockerd/config.go
@@ -75,7 +75,8 @@ func installCommonConfigFlags(conf *config.Config, flags *pflag.FlagSet) {
 
 	// Deprecated flags / options
 
-	flags.StringVar(&conf.CorsHeaders, "api-cors-header", "", "Set CORS headers in the Engine API; deprecated, and will be removed in the next release")
+	// TODO(thaJeztah): option is used to produce error when used; remove in next release
+	flags.StringVar(&conf.CorsHeaders, "api-cors-header", "", "Set CORS headers in the Engine API; deprecated: this feature was deprecated in 27.0, and now removed")
 	_ = flags.MarkDeprecated("api-cors-header", "accessing Docker API through a browser is insecure; use a reverse proxy if you need CORS headers")
 	flags.BoolVarP(&conf.AutoRestart, "restart", "r", true, "--restart on the daemon has been deprecated in favor of --restart policies on docker run")
 	_ = flags.MarkDeprecated("restart", "Please use a restart policy on docker run")

diff --git a/cmd/dockerd/daemon.go b/cmd/dockerd/daemon.go
@@ -735,7 +735,7 @@ func (opts routerOptions) Build() []router.Router {
 	return routers
 }
 
-func initMiddlewares(ctx context.Context, s *apiserver.Server, cfg *config.Config, pluginStore plugingetter.PluginGetter) (*authorization.Middleware, error) {
+func initMiddlewares(_ context.Context, s *apiserver.Server, cfg *config.Config, pluginStore plugingetter.PluginGetter) (*authorization.Middleware, error) {
 	exp := middleware.NewExperimentalMiddleware(cfg.Experimental)
 	s.UseMiddleware(exp)
 
@@ -745,12 +745,6 @@ func initMiddlewares(ctx context.Context, s *apiserver.Server, cfg *config.Confi
 	}
 	s.UseMiddleware(*vm)
 
-	if cfg.CorsHeaders != "" && os.Getenv("DOCKERD_DEPRECATED_CORS_HEADER") != "" {
-		log.G(ctx).Warn(`DEPRECATED: The "api-cors-header" config parameter and the dockerd "--api-cors-header" option will be removed in the next release. Use a reverse proxy if you need CORS headers.`)
-		c := middleware.NewCORSMiddleware(cfg.CorsHeaders) //nolint:staticcheck // ignore SA1019 (NewCORSMiddleware is deprecated); will be removed in the next release.
-		s.UseMiddleware(c)
-	}
-
 	authzMiddleware := authorization.NewMiddleware(cfg.AuthorizationPlugins, pluginStore)
 	s.UseMiddleware(authzMiddleware)
 	return authzMiddleware, nil

diff --git a/daemon/config/config.go b/daemon/config/config.go
@@ -160,7 +160,7 @@ type CommonConfig struct {
 	Root                  string   `json:"data-root,omitempty"`
 	ExecRoot              string   `json:"exec-root,omitempty"`
 	SocketGroup           string   `json:"group,omitempty"`
-	CorsHeaders           string   `json:"api-cors-header,omitempty"` // Deprecated: CORS headers should not be set on the API. This feature will be removed in the next release.
+	CorsHeaders           string   `json:"api-cors-header,omitempty"` // Deprecated: CORS headers should not be set on the API. This feature will be removed in the next release. // TODO(thaJeztah): option is used to produce error when used; remove in next release
 
 	// Proxies holds the proxies that are configured for the daemon.
 	Proxies `json:"proxies"`
@@ -683,6 +683,11 @@ func Validate(config *Config) error {
 		}
 	}
 
+	if config.CorsHeaders != "" {
+		// TODO(thaJeztah): option is used to produce error when used; remove in next release
+		return errors.New(`DEPRECATED: The "api-cors-header" config parameter and the dockerd "--api-cors-header" option have been removed; use a reverse proxy if you need CORS headers`)
+	}
+
 	// validate platform-specific settings
 	return config.ValidatePlatformConfig()
 }